Hey, remember when I wrote about network security monitoring and whether you trust your IT folks?
Or the podcast discussion we had on the Nuix Unscripted podcast?
One of our big takeaways from the discussion was to make sure there are multiple people involved in deciding what to monitor, or who to target, to avoid a situation where one rouge security person is misusing the power. Yesterday, I saw a post by Sharon Nelson that laid out another obvious example of a situation where multiple people should have had eyes on something before paying the invoice:
He pleaded guilty to one count of wire fraud for having set up a shell company and billing his employer for firewalls and services that “Interactive Systems” never actually installed.
Turns out the IT Executive sent invoices for a wide variety of hardware and services, approved the invoices himself, and got the company to pay them, all without ever doing any work at all. To the tune of $6 million before anyone started to ask about the company that was billing them so much money.
So, yeah. Maybe more than one person needs to approve these invoices and verify that the stuff you’re paying for, actually exists. There’s simply no reason to trust anyone that much!